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ABSTRACT THK DISCLOfURE 

A method and system are provided for restricting the use of a vehicle such as an 
5 automobile to a person or perscis whose fingerprints match biometric daU stored within a 
memory in the vehicle's control system. A user's digitized fingerprints are stored in a non- 
volatile permanent ROM in the BIOS of a microcontroller on in a ROM accessed by a 
microprocessor. The microprocessor's primary task is that of executing instructions 
relatul to the operation of the vehicle, such as regulating the fuel flow rate, and 
10 performing other such tasks. Before the microprocessor can execute its instructions 

related to its primary task, it must complete and exit a conditional loop of instructions that 
relate to validating a user's ^real-input** biometric data. Real scanned fingerprints must be 
compared with fingerprint(s) stored in ROM. If the result of the compare is a true, i.e. is a 
match, then the conditional loop is satisfied and the microprocessor can execute its 
1 5 instructions relating to operating the vehicle. 
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BIOMETRICALJLY SECURED CONTROL SYSTEM FOR PREVENTING THE 
UNAUTHORIZED USE OF A VEHICLE 

Fidd of the Invention 

This invention relates to secure control systems and more paiticulariy to a system 
and method for acquiring use of a device dependent upon biometric related input. 

Background of the Invention 



The use of security systems is generally well known. There use is becoming even 
greater with increased availability of distal dectronic components at a relatively low cost. 
Such systems are known for securing buildings, banks, automobiles, computers and many 
other devices. For example, U.S. Pat. No. 4,951,249 discloses a computer security system 

15 which protects computer software from unauthorized access by requiring the user to 

supply a name and a password during the operating system loading procedure ("boot-up") 
of a personal computer (PC). This is accomplished by the insertion of a special card into 
an input/output expansion slot of the PC. During the loading of the operating system of 
the PC. the basic input'output system (BIOS) scans memory addresses of the card for an 

20 identification code, consisting of a 55AA hex code. When this hex code is located, the 
BIOS instructions are vectored to the address where the target hex code resides and 
instructions at the following address are executed as part of the initialization routines of 
the system boot-up procedure. 

25 This PC security system, utilizing a password board, is typical of many systems 

that are currently available. Password boards require a user's name and a password 
associated with that user^s name. Only once a password board detects a valid user's name 
and password does it allow the PC to complete the boot-up routine. Though password 
boards may be useful in some instances, they are inadequate in many respects. 
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For example, an unauthorized skiUed user with a correct password in hand, can 
gain entry to such a processor based system. Yet another undesirable feature ofu\t 
foregoing system is that passwords on occasion are forgotten; and furthermore, and more 
importantly, passwords have been known to be decrypted. 

As of late one of the roost ubiquitous Hoctronic components is the digital 
processor. Multi-purpose and dedicated processors of various types control devices 
ranging from bank machines, to cash registers and automobiles. With ever increasing use 
of these processor based devices, there is greater joitcem that unauthorized use will 
become more prevalent. Thus, the verification and/or authentication of authorized users of 
processor based systents is a burgeoning industry. 

Alarms and security systems to wain of unauthorized use of automobiles and other 
processor controlled systems arc available, however, these security systems have been 
known to be circumvented. Furthermore, automobile alarms that sound, are often ignored 
by passers-by. Unfortunately, many commercially available solutions aimed at preventing 
theft or unauthorized use of automobiles have also been circumvented. 

Thus, it is an object of this invention to provide a method and relatively 
inexpensive system for preventing unauthorized use of a vehicle controlled by a processor • 
based control system. 

Summary of the Invendon 

The foregoing problems are solved by a method and apparatus for controlling 
access to a processor controlled device in which memory-resident software logic 
cooperates with an input device providing "real-input" biomctric data to the processor's 
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input port disabling the controlled device unless authorized user bionnetric data that 
corresponds to data stored in the processor's memory is provided to the processor. 
According to a departure in the art, memory resident software logic is executed by the 
device processor; the execution of a user verification loop is repeated until an authorized 
user biometric key is provided, thereby preventing the device processor from executing its 
normal Ainctions unless the result of a compare operation of "real-input" biometric data 
with stored biometric data is true. The processor nomudly controlling vital functions of 
the automobile, such as fuel delivery is internally halted unless "real-data" from an 
authorized user is provided. 

Operation of the memory-resident software logic is transpiVent to the user and to 
the control programs that normally control the processor controlled device because it is 
installed as a boot-up routine when the device is switchcd-on. At this time, the logic 
continuously monitors a biometric input device, for example in the form of a fingerprint 
scanner, for "real" input data. 

Operation of the device remains suspended until the memory-resident logic 
detects authorized fingerprint data that compares positively with fingerprint data stored in 
the memory. 

Another advantage achieved with the invention is ready adaptability of the system 
to commercially available processor controlled vehicles. 

In accordance with the invention, a biometrically secured control system is 
provided, for preventing an unauthorized use of a vehicle comprising: processor means 
for controlling functions normally associated with the operation of a device; memory 
means for storing biometrically related data and for storing instructions related to 
controlling at least some normal operations of the device; 
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biomctric data input means for providing "rcai-input" btomctrically related data to one of 
the memory means and the processor, and means for preventing the processor from, or 
allowing the process to, execute instructions related to controlling at least the functions 
normally associated with the operation of the device in dependence upon the state of a 
3 compare operation, aft rr • comparison has been performed between "real-input" and 
previously stored biometrically related data. 

Yet in accordance with another aspect of the invention a method is provided of 
validating a user of a vehicle and for allowing a control system of the device to be 

10 operable after validation. Thi^ method comprises the steps of receiving a user's 

biometrically related data from an input device; comparing at least an aspect of the 
received biometrically related daU with stored biometrically related data; preventing a 
processor from executing instnictions normally related to the operation of the device when 
the compared data mis-matches within predetermined limits; and. allowing the processor 

1 5 to execute instructions normally related to the operation of the device after the compared 
data matches, within predetermined limits. 

Brief Descriptioo of the Drawiags 

20 Exemplary embodiments of the invention will now be described in conjunction 

with the drawings in which: 

Fig. 1 a block diagram of a security system in accordance with the invention shown 
having a microprocessor coupled to a fingerprint scanning device; 

23 

Fig. 2 of a block dtag/am of an alternative embodiment of a security system 
having a microcontroller coupled to a fingerprint scanning device in accordance with this 
invention. 
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Fig. 3 is an illustration depicting the basic system operation, showing program 
segmentation; 

Fig. 4 is a block diagram of an alternative embodiment of a security system having 
user programmable features; and. 

Fig. 5 is a high-level flowchart depicting a part of a routine for validating a user 
and for operating a vehicle. 

Detailed Description 

Fig. 1 illustrates a processor based system (PBS) 8 which is modified in 
accordance with the invention to prevent unauthorized usage of one or more devices 18 
related to the operation of a vehicle. For example block 18 shown in Fig. 1 may represent 
the fuel delivery system and/or the ABS braking system of a vehicle. The reference 
numeral 9 designates generally a system of the present invention for providing these 
controlled access and monitoring functions. The system 9 includes b^ometric data input 
means in the form of a fingerprint scanning device 10 and associated, electronic- 
proces^^ing circuitry 12 shown coupled to a microprocessor 14; memory means in the 
form of a read-only memory (ROM) 16 is conveniently logically segmented into a first and 
second logical blocks 16a and 16b respectivdy, the first of which is for storing BIOS and 
program instructions implementing logic routines that in certain instances prevent a 
processor 14 from executing instructions normally associated with controlling the one or 
more devices 18 A second logical memory block 16b contains instructions that relate to 
the control and operation of the one or nrK>re devices 18. 

In the instance whei e this system is used to control operations related to a vehicle, 
in a normal, authorized, mode of operation, the processor 14 controls the vehicle's 
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ignition system, braking system, and jfiiel delivery system. A key-operated ignition switch 
17 is coupled to the processor to provide a signal for providing power to the processor 14 
and for invoking the BIOS start up sequence of instructions stored in boot-up portion 16a 
of the ROM 16 

5 

Referring now to Fif> 2, an alternative embodiment is shown wherein a scanning 
device lO and associates cis aitry 12 is coupled to a microcontroller I4b having the BIOS 
stored within the microconti oiler's internal menK>ry 14c. External ROM 16c is coupled to 
the processor and is stored with instructions related to the control of one or more devices 

10 18. In this embodiment, the BIOS essentially comprises input/output routines, sanity 
checks, and more importantly, the set of piogram instructions implementing logic 
routines that in certain instances prevent the microcontroller 14b from executing 
instructions normally associat-xJ with controlling the one or more devices 1 8 In practice, 
if the processor execution remains in a loop, in its verification sequence of instructions 

15 stored in the BIOS, fuel is not supplied to the vehicle. Since the fuel injectors ai C 

electronically controlled by the processor, the vehicle is immobilized until the processor 
receives and verifies biometric input dau that corresponds to stored authorized user's 
data. 

20 Turning now to Fig. 3, a block diagram is shown of a portion of the basic pscudo 

code control program that is stored in ROM 16a for determining whether or not 
associated instructions that control the one or more devices 18 will be executed It should 
be noted m this example, that the instructions are merely exemplary and each pseudo-code 
instruction may comprise several micro-instructions. Of course, the technical aspects of 

25 programming of such instructions is well known and within the capability of those skilled 
in the progranr rning arts In this example a first pseudo-code instruction, GET 
FINGERPRINT, requires several micro-instrucdons to be performed in order to 
accomplish this task. However, the cxplanatic'i of the invention becomes more clear using 
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these high level pseudo-code instructions. In this embodiment, a first (pseudo code) 
instruction at memory address 0001, GET FINGERPRINT is fetched and executed by the 
processor or microcontroller. As a result of executing this instruction, the fingerprint 
device is polled for input. W^irther or not a fingerprint is available, input is received firom 
5 the smarming device 10 and it 3 associated circuitry 12. A next instruction, COMPARE 
TEiMPLATE, at memory adrress 0002 is fetched fi^om memory and executed. Essentially 
this pseudo-code instruction directs the processor to compare "real-input" data that has 
been electronically formattoi into a standard digital representation, with an electronically 
stored fingerprint represW.ed in a same format. If the result of the compare instruction is 
10 tnie, that is if the "real-input" data is determined to be the same, vsrithin a predetermined 
margin of error, as the stored fingerprint data, the processor begins fetching instructions 
firom the block of nriemory 16b associated with the normal operation of device 18. In the 
instance that the compare result is false, the processor 14 sets its instruction counter to 
0001 , and loops to fetch instructions starting at address 000 1 ; the processor remains in 
this loop comprising instructions at address 0001 through 0003 until the compare result is 
true The optional key-switch 17 shown in Fig. 1 is provided to switch the processor and 
overall system on and off. 

in the embodiments shown heretofore, read only memory is provided Thus, the 
20 electrojiicaUy stored ( compare template ) fingerprint, is permanently stored in the ROM 
16a, 16b, or in the BIOS portion of the memory a* may be the case. 

However, in an alternative embodiment shown in Fig. 4. non-volatile read/write 
memory 16d is present to provide a nrK)re flexible and user programmable system 49 The 
25 system 49 is similar to that of 9 in Fig. 1 however includes an input/output device 42, in 
the form of a display terminal coupled to the processor 14. In operation, once the 
verification loop comprising the instructions GET FINGERPRINT. COMPARE 
TFiMPLATE. is exited and verification has been made authenticating a user, the display 
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terminal 42 becomes enabled. Instructions associated with the use of the display terminal 
in tlie form of a menu, are stored in the memory 16b and are presented to a user on the 
display terminaJ. Non-volatile read/write memory 16d is provided to store input 
information such as temporary users biometric input data. When the system is switched off 

5 and powered down by the switch 17, biometric data stored in the memory 16d will remain. 
A menu (a portion of which is shown in Fig. 5) is provided on the display terminal 42 to 
allow a temporary user to be logged into the system for a predetermined period of time, 
thereby allowing a temporary user to use the vehicle. Upon selecting this option, the 
temporary user is prompted to place a finger on the scanner 10 within x seconds so that 

10 **real-input" data can be acquired The data is then stored in the memory 16d for a 

predetermined period of time. However, temporary users can only provide their '*real- 
input data to the system afler a permanent user has successfully passed the verificalion 
loop of instruction? A real time clock 46 coupled to the processor presents the time of 
day to the processor i4a &o that temporary user's biometric data can be eras:^ ' ^fter the 

15 expiration of its allotted time period Alternatively, the menu provides an opiion for a 
temporary user to be deleted from the system. This embodiment can more readily be 
understood in coiijunction with the flow chart of Fig. 5 Upon power-up. the processor 
14a first checks the time of day and erases those entries from memory that have expired; 
(this is not shown in Fig. 5 ) The processor then executes GET FINGERPRINT ai 50 and 

20 compares at 52 the real-input daU with all of its stored fingerprint data. Upon passing the 
verification loop, a menu is provided at 54; furthermore, the vehicle control functions are 
enabled at 56. The menu has a plurality of fimctions, only a few of which are illustrated at 
54 Menu option I for example invokes a routine to get a fingerprint of a temporary user 
and store it in I6d, (see 54. 1 and 54. lb in Fig. 5a.) Other options may also be provided at 

25 54. For example, instructions can be selected by a permanent user after authenticuiion has 
taken place, to limit or restrict a temporary uscr\s access to particular functions For 
instance a permanent user may limit the fuel flow rate to a predetermined m*iximum, thus 
essentially preventing the vehicle fi^om exceeding a maximum speed. This option may be 
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selected, for example when a valet is given temporary use of the vehicle Furthermore, 
instructions may be sciecte<J that pi event temporary users from utilizing the radio or other 
features and options 

Alternatively, a permanent user may disable the system for a predetermined period 
of time to allow any userx (o utilize the system without regard to input data as long as the 
ignition key switch 17 is enabled. 

The system detined heretofore ensures ihat the processor 14 will be prevented 
from executing instructions related to controlling devices associated with a system, unless 
a block of instructions related to verification and authentication of one or more users has 
been successfijlly execute^^ and all required conditions are met Expressed in a different 
way, the processor locks itself in a veiification loop, rejecting the execution of its normal 
routines, until a correct biometric key in the form of biometric data is presented to it 

In the examples shown heretofore, in accordance with the invention, a scheme 
having sequential instructions is shown for simplicity, however, pointers, flags, and 
semaphores can be utilized in a similar system wherein branching and jumping to non- 
sequential blocks of memory is performed. Thus, the verification loop need not be the first 
block of instructions executed, and similarly the control block of instructions need not be 
the second block of instructions executed, however the verification loop of instructions 
should be executed prior to executing the vehicle control instructions as an authorization 
check to ensure that the vehicle control instructions should be executed. 

Advantageously, having a same processor control access to a vehicle and the 
operation of the vehicle, provic'cs a highly secure system If in an unauthorized anempt to 
tamper with and use the vehicle the processor becomes damaged, it will then not provide 
its required fimctions, for example, controlling the ftiel supply to the vehicle. If in an 
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authorized attempt to use the vehicle the processor and memory were replaced with 
another processor and memory, the replacement memory would have to be compatible 
with the processor and control devices and suitably programmed to control the required 
functions relating to the operation of a vehicle; this scenario is highly unlikely. 

Of course, numerous other features and embodiments may be envisaged without 
departing from the spirit and scope of the invention. 
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Claims 

W!iat I claim is: 

5 

A btometrically secured control system for preventing an unauthorized use of a vehicle 
comprising: 

processor means for controlling functions normally associated with the operation of a 
10 device within a vehicle; 

memory means for storing biometricaily related data and for storing instructions related to 
controlling at least some normal operations of the device; 

15 biometric data input means for providing "real-input" biometricaily related data to one of 
the memory means and the processor; and, 

means for pre\'enting the processor from, and allowing the process to, execute instructions 
related to conu^oUing at least the functions normally associated with the operation of the 
20 vehicle in dependence upon the result of a compare operation, afler a comparison has 
been performed between "real" and previously stored biometricaily related data. 

2. A biometricaily secured conu-ol system as defined in claim I, wherein said means for 
23 prevent! ' the processor from executing instructions includes a control sequence of 
instructions. 
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3. A biometrically secured control system as defined in claim 1, wherein said biometric 
data input means comprises a fingerprint scanning input device. 

4. A biometrically secured control system as defined in claim 2, wherein said control 

5 sequence of instructions for preventing the processor fi-om executing instructions includes 
associated instructions for acquiring "real-input" biometric data for and determining if 
acquired *'real-input" biometric daia matches stored biometric data within predetermined 

limits. 

10 5 A biometrically secured control system as defined in claim 4. wherein the operation of 
the vehicle is prevented until a suitable nrmtch occurs between acquir^^d "real" biometric 
related data, and stored biometric data. 

6. A biometrically secured control system as defined in claim 1, wherein the biometric data 
15 input means are provided to at least input biometric data of an authorized user to be 

stored in a memory for later comparison with "real" input data 

7. A biometrically secured control system as defined in claim 1, including an input terminal 
for programming the control system. 

20 

8. A biometrically secured control system as defined in claim 7, wherein the input terminal 
includes a key-pad and display means. 

9 A biometrically secured control system as defined in claim 8, wherein the normal 
25 operation of the input terminal is dependent upon a positive compare result after a 

compa ison has been performed between "real-input" and stored biometrically related 
data. 
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10. A biomctrically secured control system as defined in claim 8» including means tor 
allowing biometric data of a temporai7 user to be logged into the system for a 
predetermined period of time. 

5 11 . A method of validating a user of a vehicle anri for aTowing a control system of the 
vehicle to be operable after said validation, compi ising the steps of 

receiving a user's biomeuically related data from an input device; 
comparing at least an aspect of the received biometricaily related data with stored 
10 biometrically related data; 

preventing a processor fi^om executing instructions normally related to the operation of the 
vehicle when the compared data mis-matches within predetermined limits; and, 
allowing the processor to execute instructions normally related to the operation of the 
vehicle after the compared data matches, within predetermined limits. 

15 

12. A method as defined in claim 11, wherein the preventing and allowing steps are 
performed by the processor in dependence upon the comparing step 

13 A method as defined in claim 12, wherein the step of comparing the data is performed 
20 by logic circuitry within the processor. 

14. A method as defined in claim 11, further comprising the step of providing a temporary 
authorized user's biometrically related data to a memory for storage. 

25 ISA method as defined in claim 1 1 further comprising the step of providing an 

authorized user's biometrically related data to a memory for storage after the processor 
has been allowed to execute instructions normally related to the operation of the vehicle. 
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16. A method as defined in claim 14 or 15 further comprsing the step of providing a time 
interval to the processor relating to the allotted time a temporary user may be validated to 
operate the vehicle. 

1 7. A method as defined in claim 15, fijrther comprising the step of deleting a temporary 
user*s biometrically related daU fi-om the memory. 
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